Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2422
Views
0
Helpful
1
Replies

Bypass speedtest sites in Firepower?

Ralphy006
Level 1
Level 1

‎08-01-2017 10:38 AM - edited ‎03-10-2019 06:53 AM

Hi guys,

I have a 5545x with an 1 Gig internet connection running IPS, URL, and AMP.

When running speedtests, it causes latency for other users (200ms-400ms). I am running into this issue:

http://www.cisco.com/c/en/us/support/docs/security/firepower-management-center/200420-Processing-of-Single-Stream-Large-Sessio.html

I am trying to allow speedtest sites to bypass the IPS (for perception and I don't like that users can easily hog.

I tried to add "Trust" statements for speedtest.net and speedtest.xfinity.com, however, the traffic is not matching since the speedtests actually go direct to different speedtest servers.

Anyone have any luck with this?

Labels:
0 Helpful
1 Reply 1

Dennis Perto
Level 5
Level 5

‎09-07-2017 12:14 AM

Hi @Ralphy006

 

Sorry for the late response. I just found this post, and I wanted to accomplish the same as you. 

 

I have come up with a two step solution. The first step is to Trust these two applications. (Speedtest.net and fast.com)

SpeedTest

Netflix Stream

 

Next step is to trust more data from SpeedTest.net's websocket.

App is: WebSocket

port is: tcp/8080

URL contains these two:
speedtest
linespeed

 

 

Kind Regards 

Dennis

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card